lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: abaker at gmail.com (ASB) Subject: Windows Update Just because the Automatic Update service is enabled, doesn't mean that updates will be automatically "installed". There are various options for configuration. I require AU enabled because I'm using SUS, and I control when updates are available. The automatic nature of the service is not an implicit evil. -ASB On Sat, 21 Aug 2004 19:56:14 -0400, ?ber GuidoZ <uberguidoz@...il.com> wrote: > Umm, hold on a sec here... > > (snip from "James Tucker"): > > There really should be no reason why you would want to disable the > > Automatic Updates service anyway, unless you are rolling out updates > > using a centralised distribution system, in which case you would not > >need it anyway. > > I believe you are missing one fundamental point: SPs and updates are > notorious for breaking something else. (Especially from Microsoft.) > Granted, if fixing a security weakness breaks something you're using, > then that aspect could have been written better. However, that still > doesn't fix it when an entire business network goes down and YOU are > the one responsible. I do not allow ANY automatic updates (except for > virus definitions) to run on ANY networks I am in charge of. I take > the time (like every good sysadmin should) to look over each update > before applying it so I know three things: > > 1. What it's fixing/patching > 2. Why it's fixing/patching it > 3. What will be the end result of the fix/patch > > If you would simply allow updates and SPs to have free reign over your > system(s) without taking any time to look over those updates, you're > going to be one busy and irritated sysadmin. That is, if you still > have a job after a little bit. > > ~G > > P.S. Don't take my word for it. Look here: > - http://www.infoworld.com/article/04/08/12/HNdisablesp2_1.html > - http://www.pcworld.idg.com.au/index.php/id;1183008015;fp;2;fpid;1 > - http://www.integratedmar.com/ecl-usa/story.cfm?item=18619 > - http://www.vnunet.com/news/1157279 > - Or, find the other 200+ articles by searching Google News > for "disable automatic update sp2" =) > > > > On Sat, 21 Aug 2004 18:51:40 -0300, James Tucker <jftucker@...il.com> wrote: > > Here I found that I can have BITS and Automatic Updates in "manual", > > Windows Update works fine here. It may be a good idea to refresh the > > MMC console page, as you will probably find that at time the service > > had shut down if and when BITS was stopped prematurely (i.e. when it > > was in use). > > > > There really should be no reason why you would want to disable the > > Automatic Updates service anyway, unless you are rolling out updates > > using a centralised distribution system, in which case you would not > > need it anyway. > > > > If you are worried about system resources, you should look into how > > much the service really uses; the effect is negligable, in fact there > > is more impact if you select (scroll over) a large number of > > application shortcuts (due to the caching system) than if you leave > > Automatic Updates on. If you are worried about your privacy and you > > dont believe that the data sent back and forth has not been checked > > before, then you surely dont want to run Windows Updates ever. If you > > want to cull some real system resources and have not already done so, > > turn the Help and Support service to manual, that will save ~30mb on > > boot, up until the first use of XP help; this will stop help links > > from programs from forwarding to the correct page, until the service > > has loaded once. > > > > As for worry over using bandwidth on your internet service, again, you > > want to check this out as its a trickle service, not a flood. BITS > > does not stand for Bloody Idiots Trashing Service; it means what it > > says on the tin. > > > > On Fri, 20 Aug 2004 14:30:22 -0700, David Vincent > > > > > > <support@...epdeprived.ca> wrote: > > > joe wrote: > > > > > > >Yep, this is how it works now. > > > > > > > >You control whether Windows Update is updating or not via the security panel > > > >in the control panel applets (wscui.cpl). > > > > > > > > > > > To eb complete, I should have mentioned I have Automatic Updates turned > > > off in the control panel. I also had the service disabled before > > > applying SP2 and venturing to Windows Update v5. > > > > > > >Of course if you aren't using automatic update you could always disable the > > > >service and just reenable when you go to do the update, or don't use windows > > > >update at all and just pull the downloads separately. We are talking about a > > > >single command line to reenable that service > > > > > > > > > > > Yep. > > > > > > >Is it a pain? Yes, for those who like to run minimal services. Is it a > > > >security issue or life threatening, probably not. > > > > > > > > > > > Agreed. > > > > > > -d
Powered by blists - more mailing lists